30 May
2014
30 May
'14
2:51 a.m.
--On Thursday, May 29, 2014 12:43:16 PM -0400 zep zgreenfelder@gmail.com wrote:
I'm not sure if this is helpful to anyone else and I can't decide if it's mildly clever or just a stupid pet trick, really.
[...]
I put /boot, / and /usr on the USB drive, set encrypted partitions for swap, /home, /opt, /var and put them as well as the boot loader the internal drive. so now the USB drive is quite literally acting like a 'key' for whole laptop.
You may find this of interest in that case: http://www.gno.org/~gdr/sysadmin/centos/6/usb-crypto-key.html That configuration has the benefit that if you don't have the USB key, it does a fail-safe fallback to asking for a crypto passphrase.
Devin